class UserSessionsController < ApplicationController
  skip_before_filter :require_login, except: [:destroy]

  def new
    @user = User.new
  end

  def create
    if @user = login(params[:email], params[:password])

      # Get user permission here
      require 'net/http'
      source = 'http://140.211.68.130/getuserpermission'
      resp = Net::HTTP.post_form(URI.parse(source), 'username' => params[:email])
      data = resp.body
      result = JSON.parse(data)
      session[:permission] = result['permission']

      if(session[:permission] == "0")
        redirect_back_or_to(:applicant_home )
      elsif(session[:permission] == "1")
        redirect_back_or_to(:hiring_specialist_home )
      elsif(session[:permission] == "2")
        redirect_back_or_to(:staffing_expert_home )
      else
          redirect_back_or_to(:applicant_home )
      end
    else
      flash.now[:alert] = 'Login failed'
      render action: 'new'
    end
  end

  def destroy
    logout
    redirect_to(:login)
  end
end